White Paper. COBIT 5 & BiSL


This paper compares the scope and perspective of COBIT 5 and BiSL and shows how these two frameworks can be used in conjunction to assure that business information management processes are executed effectively and efficiently.

COBIT guides enterprises in rigorous governance and management of processes and other enablers related to demand, supply and use of information and technology. It provides much guidance for assurance of benefits realization, risk optimization and resource optimization. It refers to the predominantly IT-supply oriented frameworks and standards ITIL, TOGAF, PMBOK, PRINCE2, COSO and ISO for additional specific guidance. Because BiSL provides extensive guidance regarding the content of the processes for demand and use of information and technology, COBIT and BiSL can also be regarded as complementary frameworks.

Machteld Meijer & Mark Smalley, 28 January

COBIT 5

According to its owner, ISACA, COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems.

COBIT 5 helps enterprises of all sizes to:
- Maintain high-quality information to support business decisions
- Achieve strategic goals and realize business benefits through the effective and innovative use of IT
- Achieve operational excellence through reliable, efficient application of technology
- Maintain IT-related risk at an acceptable level
- Optimize the cost of IT services and technology
- Support compliance with relevant laws, regulations, contractual agreements and policies

BiSL

The Business Information Services Library (BiSL), according to its owner, the ASL BiSL Foundation, establishes a bridge between IT and business processes, and between business information administrators and information managers. The BiSL process model provides an insight into all of the primary processes within their field of operations and into the relationship between the various processes. It offers a starting point for the improvement of these processes using best practices, amongst other things, and it provides uniform terminology.

The domain that BiSL addresses is referred to as business information management, which is defined as the means by which an organization efficiently plans, collects, organizes, uses, controls, disseminates and disposes of its information, and through which it ensures that the value of that information is identified and exploited to the fullest extent. It is a corporate responsibility that needs to be addressed and followed from the most senior levels of management to the front line worker. Organizations must be held and must hold their employees accountable to manage information appropriately and responsibly. [Ref: BIM]

Comparison of scope

COBIT offers guidance to help enterprises govern and manage enablers related to information and IT in order to achieve goals and thereby create value for their stakeholders. These are:
- Principles, policies and frameworks
- Processes
- Organizational structures
- Culture, ethics and behaviors
- Information
- Services, infrastructure and applications
- People, skills and competences

BiSL offers guidance to help enterprises manage and execute processes and activities related to managing business information and to the demand and use of IT. BiSL addresses six of the seven enablers, as illustrated in the following table. In the original table, italic text denotes the process or process cluster in which the enabler is to be found; here it is the text before each colon.

COBIT enabler: Principles, policies and frameworks
BiSL: I-organization strategy: Supplier policy; Policy for the information function; Policy for inter-enterprise information chains. Information strategy: Information policy

COBIT enabler: Processes
BiSL: 23 processes for information management

COBIT enabler: Organizational structures
BiSL: Strategic user relationship management: Organizational structure of the information function. Information coordination: Authorities matrix

COBIT enabler: Culture, ethics and behaviors
BiSL: -

COBIT enabler: Information
BiSL: 1. Business information. Information strategy: Information strategy; Information architecture. 2. GEIT information. In all processes: High-level information flow needed to support execution of business information management processes

COBIT enabler: Services, infrastructure and applications
BiSL: Contract management: Required IT services

COBIT enabler: People, skills and competences
BiSL: Planning and resource management: Annual resourcing plan for execution of business information management

Implementation of business information management requires insight into:
- which activities should be executed, and
- which measures should be taken to manage the activities and risks and to assure benefits realization, risk optimization and resource optimization.

Most of BiSL's guidance addresses the first point, whereas COBIT is stronger in the second area.

Similarities and differences

BiSL does not address IT supply and therefore has a narrower scope as far as the information technology supply chain is concerned. BiSL also addresses fewer enablers, focusing on the processes and activities needed to execute the processes.

Regarding the execution of activities, COBIT focusses on governing and managing the execution of activities whereas BiSL focusses on management and the content of the activities. BiSL also addresses managing the execution of activities in terms of time, costs, quality and agreements but with less emphasis on assurance than COBIT, which uses an extensive set of key practices to manage benefits realization, risk optimization and resource optimization.

Two thirds of the COBIT key practices and the management practices apply partially to business information management. Half of these practices span one or two BiSL processes while the other half span three to six BiSL processes.

The following two tables illustrate the core similarities and differences in the scope of COBIT and BiSL. The two main points are that BiSL (1) just focuses on demand and use, and (2) gives more detailed practitioner guidance.

Table: BiSL focuses on demand and use
Columns: COBIT, BiSL
Rows: Use of information; Management of information; Use of IT; IT demand; IT supply

Table: BiSL gives more detailed practitioner guidance
Columns: COBIT, BiSL
Rows: Governance; Management of enablers/resources; Management of execution of activities; Execution of activities

Application of COBIT in combination with BiSL for business information management

Many COBIT practices apply to business information management and contribute to providing assurance that business information management processes are executed effectively. The COBIT-BiSL cross reference below gives an indication of the relationship between the COBIT processes and the BiSL process clusters. A cross reference on a more detailed level was the basis of this mapping.

Business information managers who want to use COBIT key practices to assure themselves and stakeholders that the information systems (in the broadest sense of the word) in an organization are under control can use the more detailed cross reference to determine in which BiSL processes they should implement the key practices. BiSL does not provide specific guidance as to how to comply with the key practices but gives an extensive description of the content of the processes.

COBIT refers explicitly to BiSL's in-depth guidance in the COBIT 5 Enabling Information publication: "A useful reference framework to consult for more detailed management of demand and use of information is the Business Information Services Library (BiSL)."

Table: COBIT-BiSL cross reference
Relationship: x = weak, xxxx = strong
Columns (BiSL process clusters): I-organization strategy; Information coordination; Information strategy; Management processes; Use management; Connecting processes; Functionality management
Rows (COBIT domains), with the marks listed in the order they appear:
EDM Evaluate, Direct and Monitor: x x x
APO Align, Plan and Organize: x xx xxx
BAI Build, Acquire and Implement: xx x xx xxxx
DSS Deliver, Service and Support: xx
MEA Monitor, Evaluate and Assess

Conclusion

COBIT guides enterprises in rigorous governance and management of processes and other enablers related to demand, supply and use of information and technology. It provides much guidance for assurance of benefits realization, risk optimization and resource optimization. It refers to the predominantly IT-supply oriented frameworks and standards ITIL, TOGAF, PMBOK, PRINCE2, COSO and ISO for additional specific guidance. Because BiSL provides extensive guidance regarding the content of the processes for demand and use of information and technology, COBIT and BiSL can also be regarded as complementary frameworks.

References

[COBIT] ISACA website; COBIT 5 Enabling Processes, 2012; COBIT 5 Enabling Information, 2013
[BiSL] Business information Services Library, publications/books/ bisl-een-framework-voor-business-informatiemanagement
[BIM] Business information management function, whitepapers/doc_download/ white-paper-bim-function-v5-m-smalley

Acknowledgements

The authors are grateful to Gary Bannister, APMG Chief Examiner COBIT, and Mark Thomas, President itSMF USA COBIT Special Interest Group, for reviewing and endorsing this paper.

Authors

Dr. Machteld Meijer is a self-employed senior consultant at Maise. She is Chief examiner for APM Group for the ASL and BiSL examinations, a member of ISO working groups and an active member of the ASL BiSL Foundation. Machteld is widely recognized as an expert in the fields of Business Information Management and Application Management, supported by many publications and presentations. Further details and publications at:

Mark Smalley is responsible for global promotion at the not-for-profit, vendor-independent ASL BiSL Foundation and is a self-employed IT Management Consultant at Smalley.IT. He specializes in Application Lifecycle Management and IT Governance. Mark is a regular speaker at international conferences, where he has reached out to thousands of IT professionals. Follow & engage with Mark on Further details, publications & speaking engagements at
